Spock : a software-based RISC-V TEE
Day 1 | 13:35 | 00:20 | K.4.401 | jip helsen
Note: I'm reworking this at the moment, some things won't work.
Securing embedded devices, particularly those with minimal resources, presents a unique and pressing challenge. Conventional approaches to Trusted Execution Environments (TEEs) often require specialized hardware or substantial system resources, leaving low-end devices vulnerable to breaches. The need for a lightweight, efficient solution that bridges this gap is greater than ever in today’s interconnected world.
Introducing Spock
Through the development of Spock, we have created a versatile and efficient Trusted Execution Environment (TEE) tailored for RISC-V embedded devices. By relying solely on Physical Memory Protection (PMP) for isolation and requiring only machine and user modes as specified in the RISC-V privileged instruction set, Spock delivers robust security without relying on any specialized hardware.
At the core of Spock’s architecture is the Security Manager (SM), which plays a key role in managing enclave data and buffer permissions. The SM enables Spock to efficiently virtualize buffers and dynamically allocate PMP entries, providing a flexible and scalable approach to memory isolation. By leveraging this abstraction, Spock can create virtual enclaves that surpass hardware-imposed limitations, such as the number of PMP entries.
Core Features and Capabilities
Spock’s minimalist API design delivers essential security functions, including secure execution and attestation. This design supports:
- Virtualization of critical operations while maintaining a minimal Trusted Computing Base (TCB).
- Integration into very low resource embedded devices.
- Both relocatable and fixed enclaves, offering flexibility for diverse use cases.
Why Spock Matters
Spock’s design represents a modern, efficient solution for secure computing in low-resource embedded devices. Its ability to combine robust security with minimal hardware requirements makes it uniquely suited for the demands of today’s connected world, ensuring that even the smallest devices can operate securely.
Available at : https://github.com/jiphelsen/Spock